-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Now that bind is sending cookies by default, there are some broken servers out there that we need to configure with send-cookie no;.
Unless I am missing something, 9.11.0-P1 will (by default) fail to resolve names like airdownload.wip4.adobe.com. In the interest of publicly naming and shaming their operators, I will add an "include /etc/named.broken.servers" file in my packaging. The content so far is below. Send me a note if you run into any others. // adobe servers that don't understand edns options // dig wip4.adobe.com ns // dig airdownload.wip4.adobe.com @192.150.16.247 +cookie ==> nxdomain // dig airdownload.wip4.adobe.com @192.150.16.247 +nocookie ==> noerror server 192.150.16.247 { send-cookie no; }; server 192.150.19.247 { send-cookie no; }; server 193.104.215.247 { send-cookie no; }; // eia.gov servers that don't understand edns options // dig eia.gov ns // dig phantom.eia.gov. @205.254.135.9 +cookie => formerr // dig phantom.eia.gov. @205.254.135.9 +nocookie => noerror server 205.254.135.9 { send-cookie no; }; server 199.36.140.199 { send-cookie no; }; // lctcs.edu servers that don't understand edns options // dig lctcs.edu ns // dig www.lctcs.edu @76.165.120.16 +cookie => formerr // dig www.lctcs.edu @76.165.120.16 +nocookie => noerror server 76.165.120.16 { send-cookie no; }; server 76.165.210.249 { send-cookie no; }; // london-nano.com servers that don't understand edns options // dig london-nano.com ns // dig www.london-nano.com @213.162.97.177 +cookie // dig www.london-nano.com @213.162.97.177 +nocookie server 213.162.97.177 { send-cookie no; }; server 213.162.97.178 { send-cookie no; }; // etdbw.com servers that don't understand edns options (www.mycoverageinfo.com) // dig www.mycoverageinfo.gtm.etdbw.com. +trace // dig www.mycoverageinfo.gtm.etdbw.com. @167.79.186.7 +cookie => noerror, 0 answers // dig www.mycoverageinfo.gtm.etdbw.com. @167.79.186.7 +nocookie => noerror, 1 answer server 167.79.45.7 { send-cookie no; }; server 167.79.182.7 { send-cookie no; }; server 167.79.186.7 { send-cookie no; }; server 167.79.192.7 { send-cookie no; }; -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlgsp6AACgkQL6j7milTFsF5VACfXxKp+HLNNX7fczr4xF4qT4LP UCIAn3h4WPC2QZ21+gYnSuECG3t2nwEQ =22tF -----END PGP SIGNATURE----- _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users